head	1.11;
access;
symbols
	pkgsrc-2024Q2:1.9.0.6
	pkgsrc-2024Q2-base:1.9
	pkgsrc-2024Q1:1.9.0.4
	pkgsrc-2024Q1-base:1.9
	pkgsrc-2023Q4:1.9.0.2
	pkgsrc-2023Q4-base:1.9
	pkgsrc-2023Q3:1.8.0.2
	pkgsrc-2023Q3-base:1.8
	pkgsrc-2023Q2:1.7.0.10
	pkgsrc-2023Q2-base:1.7
	pkgsrc-2023Q1:1.7.0.8
	pkgsrc-2023Q1-base:1.7
	pkgsrc-2022Q4:1.7.0.6
	pkgsrc-2022Q4-base:1.7
	pkgsrc-2022Q3:1.7.0.4
	pkgsrc-2022Q3-base:1.7
	pkgsrc-2022Q2:1.7.0.2
	pkgsrc-2022Q2-base:1.7
	pkgsrc-2022Q1:1.6.0.8
	pkgsrc-2022Q1-base:1.6
	pkgsrc-2021Q4:1.6.0.6
	pkgsrc-2021Q4-base:1.6
	pkgsrc-2021Q3:1.6.0.4
	pkgsrc-2021Q3-base:1.6
	pkgsrc-2021Q2:1.6.0.2
	pkgsrc-2021Q2-base:1.6
	pkgsrc-2019Q2:1.4.0.6
	pkgsrc-2019Q2-base:1.4
	pkgsrc-2019Q1:1.4.0.4
	pkgsrc-2019Q1-base:1.4
	pkgsrc-2018Q4:1.4.0.2
	pkgsrc-2018Q4-base:1.4
	pkgsrc-2018Q3:1.3.0.20
	pkgsrc-2018Q3-base:1.3
	pkgsrc-2018Q2:1.3.0.18
	pkgsrc-2018Q2-base:1.3
	pkgsrc-2018Q1:1.3.0.16
	pkgsrc-2018Q1-base:1.3
	pkgsrc-2017Q4:1.3.0.14
	pkgsrc-2017Q4-base:1.3
	pkgsrc-2017Q3:1.3.0.12
	pkgsrc-2017Q3-base:1.3
	pkgsrc-2017Q2:1.3.0.8
	pkgsrc-2017Q2-base:1.3
	pkgsrc-2017Q1:1.3.0.6
	pkgsrc-2017Q1-base:1.3
	pkgsrc-2016Q4:1.3.0.4
	pkgsrc-2016Q4-base:1.3
	pkgsrc-2016Q3:1.3.0.2
	pkgsrc-2016Q3-base:1.3
	pkgsrc-2016Q2:1.2.0.2
	pkgsrc-2016Q2-base:1.2;
locks; strict;
comment	@# @;


1.11
date	2026.06.10.13.18.13;	author adam;	state Exp;
branches;
next	1.10;
commitid	tXkfVz9gJ2n5OfJG;

1.10
date	2024.08.23.17.55.10;	author adam;	state dead;
branches;
next	1.9;
commitid	Ofoqysxpgl3kqYmF;

1.9
date	2023.11.20.17.59.35;	author adam;	state Exp;
branches;
next	1.8;
commitid	5LmUuvPu4TdTlnNE;

1.8
date	2023.06.29.18.06.21;	author adam;	state Exp;
branches;
next	1.7;
commitid	fmiSUuxdDiGg1SuE;

1.7
date	2022.03.28.19.32.25;	author adam;	state Exp;
branches;
next	1.6;
commitid	PD0sxmCH3yrnd1yD;

1.6
date	2021.05.14.12.57.27;	author nia;	state Exp;
branches;
next	1.5;
commitid	3T8SxjmJBAZRf7TC;

1.5
date	2019.07.12.09.33.22;	author adam;	state dead;
branches;
next	1.4;
commitid	ySsZfcYVrgwrIJuB;

1.4
date	2018.10.18.16.25.40;	author adam;	state Exp;
branches;
next	1.3;
commitid	qa5dj4Fcr8znAsWA;

1.3
date	2016.07.01.04.51.15;	author adam;	state Exp;
branches;
next	1.2;
commitid	rahhA2kOYypYHzcz;

1.2
date	2016.04.13.17.25.57;	author adam;	state Exp;
branches;
next	1.1;
commitid	2Et0VBx7jsJQqu2z;

1.1
date	2016.04.08.16.59.07;	author adam;	state Exp;
branches;
next	;
commitid	vxCclWv6LywArQ1z;


desc
@@


1.11
log
@ntopng: updated to 6.6

6.6

Breakthroughs

New Autonomous Systems Dashboards, Sankeys, and comprehensive AS statistics
Enhanced flow exporters and probes statistics with dedicated pages
Improved SNMP devices polling
Major flow collection code rework and optimizations
Native support for ClickHouse Cloud with SSL connections
Direct flows dump mode for real-time ClickHouse export

Improvements

Add comprehensive AS ranking detection and alerting with configurable thresholds
Implement ASN traffic rules for better AS-level traffic management
Enhance ASN live flow aggregation
Add conditional ASN aggregation type based on ASN mode
Add ASN alerts to alert system
Optimized SNMP access to interface names
Add Transit Only AS filter and tables
Add flow exporter/probe statistics with dedicated interfaces and exporters pages
Optimize SNMP polling by removing unnecessary double polling on system and interfaces
Add SNMP interface roles (core, distribution, access, etc.) for better network topology visualization
Implement SNMP devices CSV import/export with SNMPv3 support
Enhance asset inventory with SNMP Bridge MIB integration
Optimize SNMP caching and interface name lookup
Improve ClickHouse connection handling with SSL/TLS support for ClickHouse Cloud
Optimize exporters/probes statistics with better data structures and reduced memory footprint
Add support for nProbe Source ID (NPROBE_SOURCE_ID) custom field
Implement --direct-flows-dump option to dump flows directly when collected
Improve historical flow filtering and export capabilities
Add throughput charts based on interface probe stats
Improve Redis operations with optimized caching
Add safety checks across flow collection and statistics code
Optimize Host Pools with support for up to 4096 pools
Improve packet dumper for traffic extraction
Add more detailed flow exporter IP flow layout
Add support for HTTP methods other than GET/POST; reworked and simplified code
Improved chart visualization
Slightly improved visualization on mobile

Changes

Remove pre-NAT information display from flows and statistics
Rework exporters and probes statistics implementation
Unify all exporters interfaces pages
Rework flow collection with better probe/exporter/interface tracking
Change timeseries charts to stacked mode for better visualization
Remove VLAN 0 from various displays
Change MAC address formatting for consistency
Update flow aggregation with new aggregation functions
Add support for arbitrary nDPI protocol IDs in shapers
Remove obsolete code and cleanup
Disable various functionalities in ASN Mode
@
text
@$NetBSD$

Use correct clickhouse-cpp.

--- Makefile.in.orig	2026-06-08 11:44:52.455150303 +0000
+++ Makefile.in
@@@@ -34,15 +34,9 @@@@ LUA_HOME=${PWD}/third-party/lua-5.4.6
 LUA_INC=-I$(LUA_HOME)/src
 LUA_LIB=$(LUA_HOME)/src/liblua.a
 
-CLICKHOUSE_HOME=@@CLICKHOUSE_HOME@@
-CLICKHOUSE_INC=
-CLICKHOUSE_LIB=
+CLICKHOUSE_INC=-I${prefix}/include/clickhouse
+CLICKHOUSE_LIB=-lclickhouse-cpp-lib
 CLICKHOUSE_DEP_LIBS=
-#ifeq ($(OS),Linux)
-CLICKHOUSE_INC=-I$(CLICKHOUSE_HOME) -I$(CLICKHOUSE_HOME)/contrib/absl
-CLICKHOUSE_LIB=$(CLICKHOUSE_HOME)/build/clickhouse/libclickhouse-cpp-lib.a
-CLICKHOUSE_DEP_LIBS=$(CLICKHOUSE_HOME)/build/contrib/cityhash/cityhash/libcityhash.a $(CLICKHOUSE_HOME)/build/contrib/lz4/lz4/liblz4.a
-#endif
 
 ifeq ($(OS),Linux)
 	LUA_PLATFORM=linux
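Review bot: The added `CLICKHOUSE_LIB=-lclickhouse-cpp-lib` names the library without a search path, while the matching `CLICKHOUSE_INC` is pinned to `${prefix}/include/clickhouse`, so which clickhouse-cpp gets linked depends on linker flags set outside this hunk. If the surrounding build does not already put the package prefix in `LDFLAGS`, headers and library could come from different installs; spelling it out, e.g. `CLICKHOUSE_LIB=-L${prefix}/lib -lclickhouse-cpp-lib`, keeps both on the same copy. `CLICKHOUSE_DEP_LIBS` stays empty, which works for a shared library that records its own cityhash/lz4 dependencies but would need them listed if the installed library is static; that is worth confirming. The patch comment `Use correct clickhouse-cpp.` would also say more as `Link against the installed clickhouse-cpp instead of the static build under CLICKHOUSE_HOME.`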
@


1.10
log
@ntopng: updated to 6.2

ntopng 6.2 (August 2024)

Breakthroughs

Major code optimizations and reduction of locks
Huge memory footprint reduction (by more than half)
Huge improvements to SNMP polling
MITRE alerts classification
New Security report
Replay historical flows on a virtual interface
Support for ClickHouse Cloud and TLS towards ClickHouse/SQLite
Cisco QoS MIB poller
New translations: Korean, Spanish and French
Support for influxdb v.2 (with v.1 compatible buckets)
CheckMK alerts export through Event Console (syslog)
New WeChat Alert endpoint
Add more filtering capabilities to the Reports
New UI table component

Improvements

Add flow_risk and host_risk remediations.
Add VLAN rules
Add drops/flows and probes info to view interface
Add exporters limits to ntopng licenses
Add extensions for asset inventory
Add feature sorting flows by protocol
Add flows and drops ts to netflow/sflow exporters
Add info to nprobes and exporters pages
Add interface to SNMP topology map
Add localhost to ipaddress expection lists
Add mac address to the hosts page
Add missing DHCP mappings
Add mitre_info to alerts in ClickHouse
Add NAT info to ClickHouse and ECS
Add SIP status call
Add the ability to set custom alert score
Add uuid_num and unique_source_id to exporters and probes
Add various filters to Historical/Alerts pages
Add L2TP decapsulation
Add sankey to probes/exporters page
Add support for flow source
Add --disable-purge for debug purposes Added average flow throughtput in flows
Add support for Ethernet-over-IP tunnel support
Add SNMP interface and device usage page and timeseries
Add detection of interfaces going down/up when open in pcap mode
Add host name discovered with DHCP
Add blacklist charts
Add SNMP Trap support
Add QoS page to snmp
Add sankey to probes/exporters page
Add support for MAC addresses in traffic profiles
Add smcroute integration.
Add traffic profiles rules.
Add TCP flow connection state
Add SNMP interface speed configuration
Add report editor
Add support for ModBUS Scattered Holding Register Read
Add filtering ability to report page
Add JE malloc support
Improve cloud support
Implement NetFlow polling device using coroutines
Implement flow traffic account in pcap interfaces when reading traffic from a pcap interface.
Implement mitre_table_info inside database
Implement TLS swap heuristic similar to SSH
Improve host pool reload latency
Improve performance in SNMP device listing
Improve SNMP various performances and reworked interfaces page
Modify Lua allocator to avoid allocating small blocks and using ^2 blocks size to reduce heap fragmentation
Reduced memory and trhead usage Added missing HTTP server thread naming Added --limit-resources to tell ntopng to reduce memory usage (useful for systems with limited resources)
Rework periodic discovery code
Rework flow exporters lua stats
Rework interface polling with snmpbulk
Rework flow exporters host rules
Rework timeseries backend and added support to bar charts
Rework throughput calculation for flow-based interfaces: it is no longer calculated periodically but only when a new flow update is received
Update the dashboard with the editing component feature.
Add support for interfaces of different datalink with pcap (e.g. -i ethX,tunY...)

Changes

Add ntopng to group systemd-journal
Add download of journalctl logs for the last day
Add hostnames to custom queries
Add mapping between db fields and netflow
Add usage of proto.ndpi_confidence in flow_details.
Add SNMP import functionality for CSV files
Add limit on DB interface flows accoring to the flow cache
Add Major and Minor connection states
Add percentage and * as exporter device option in Flow Exporter rules + minor fixes.
Add option to backup redis (ntopng-utils-manage-config -a backup -r)
Add percentage and * as exporter device option in Flow Exporter rules + minor fixes.
Add check for avoiding crash with hosts with no MAC
Add trigger period action on shell script
Add exporters limits to ntopng licenses
Add memory boundaries checks
Add switch between normal and per minute traffic ts
Add icon in flows that indicate when the flow has swapped directions
Add flow exporter top chart
Add autosearch when opening edit application page
Add topk chart to conversations
Add support for ModBUS Scattered Holding Register Read
Add host location to flow page
Add limitations for max number of polled SNMP devices
Add check for preventing false positive for long lived connections on top of protocols that can take a while
Add SNMP usage page
Add thpt charts to historical flows
Add garbage collector calls
Add startup flush for ntopng.trace_error.alert_queue
Add Bootstrap 5 tooltip support
Add check to avoid memory issues (heap overflow) during DHCP packet dissection
Add check for avoid setting the interface in non-blocking mode when used with pcap files
Change the severity of the old blacklisted flow to critical
Change the labels from 'Downlink Usage' and 'Uplink Usage' to 'In Usage' and 'Out Usage'
Changed score level for various Alerts.
Cleaned up flow throughout calculation
Disabled flow swap for UDP flows that might lead to false positives
Disable download image button on Safari.
Enable the editing of blacklist URL.
Enable interface name search.
Enable search in the SNMP interfaces page.
Make sort/delete persistent. Compute component_id on server side.
nmap command path is now computed at runtime
Packet padding is no longer accounted in flow traffic
Prevents non-admin users to pause interfaces
Report templates can now be defined in multiple paths
Reduced table retention
Remove additional http header
Remove sflowdev timeseries and unified to flowdev
Remove outdated unhandled flows that were causing discrepancies in flow accounting
Remove useless work when shutting down
Run nmap setcap only when we're outside a container
Update doc with all the latest features.

nEdge

Add option to enable external captive portal auth
Add Keep Src Address flag.
Add MAC and IP Address to radius interim-update
Add new fields to radius accounting
Add code to delete expired flows in ntopng still present in conntrack
Add check for offloaded flows with uncompleted protocol detection that have observed too many packets (updated via conntrack)
Implement remote radius authentication for local users (toggle)
Handle broadcast forwarding
Optimized std::map to reduce memory usage
Remove keep_src_address
Remove the hardcoded testing value for traffic_quota_ratio.
Remove alerts no longer necessary as they have been replaced by local traffic rules
Fix broadcast forwarding
Fix Daily Traffic Quota and Daily Time Quota column style.
Fix incorrect delta calculation
Fix repeater config modal reset
Fix the apply button in repeaters modal.
Fix progress bar.
Fix editing on repeater-config modal by removing unnecessary variable.
Fix the enable_nat and enable_iface toggles
Fix the alignment of column_key icons on the host_details/flows page.
Fix Daily Traffic Quota and Daily Time Quota column style.
Fix the alignment of column_info icons.

Fixes

Fix top visited websites leak (growing undefinitely) and cpu load (sorting on every decoded site)
Fix aggregated live flows exporter filter.
Fix L7 Protocol usage & empty table statement using the view interface in Server Ports Analysis page
Fix pcap extraction for unprivileged users
Fix chown group
Fix TCP Flow Reset check.
Fix TCPFlowReset check.
Fix free on uninitialized pointers
Fix the creation of the all_alerts_view in the ClickHouse cluster SQL script.
Fix the partition parameter in the ClickHouse cluster SQL database schema.
Fix a bug related to removing CVEs when a scan is in progress and make minor optimizations.
Fix the formatting of 0 percentage.
Fix access to released memory in UT hash iteration
Fix navigation from server ports analysis chart view to table view.
Fix where on aggregated queries (interface id was ignored)
Fix invalid packet count with fragemented traffic
Fix info field cut after 256 characters
Fix crash and memory leak introduced
Fix missing fields in TLS alerts
Fix invalid application protocol accounting in network interfaces due to partial nDPi detection
Fix pcap download
Fix bug in UDP scan
Fix counter polling
Fix SSH flow swap heuristic
Fix segmentation fault on Stratosphere lab blacklist loading
Fix pcap polling on macOS and FreeBSD Fixes handling of interface pause (idle) on pcap interfaces
Fix SQL injection description
Fix copy not working on alert description
Fix string info cut due to buffer size
Fix invalid host rename when using HTTP proxies
Fix reset counters does not reset sent/rcvd bytes/packets
Fix attempt to index nil value
Fix some performance issues in the new flow page
Fix timeseries queries not working with serialize by mac
Fix incorrect check on TOS
Fix thpt historical flow chart
Fix historical flow charts
Fix duplicated entries in radius
Fix service map learning not reset at startup
Fix circular dependencies
Fix tooltip not working
Fix active monitoring alert discarded with no pool selected
Fix incorrect hosts number
Fix issue with host pools assignment
Fix remote access alert not triggered
Fix SNMP topology map and added to all snmp devices
Fix SNMP v3 import not working
Fix topology map not correctly working
Fix various translation to It, JP an other languages.
Fix various issue with application reloading
Fix various issues in SNMP Chart
Fix bytes per minute SNMP Serie not added
Fix shell script execution on alerts engaged
Fix crash when sorting hosts in low memory conditions
Fix domain name extraction from the info column.
Fix colors in dygraph plotters
Fix throughput values in local traffic rules.
Fix wrong source type in exporters report
Fix emergency recipient toast not configured
Fix location not correctly set in case of aggregation
Fix unknown filter applied even when not filtered
Fix schema id switch in influx
Fix Heap-buffer-overflow in IEC104
Fix influxdb top stats
Fix timeseries charts timezone and removed no more used files
Fix FreeBSD packaging issues with VulScan
Fix incorrect total calculation
Fix various issues on the exporter pages
Fix historical aggregated flow issue with timestamp lower than the last day
Fix various lua memory issues
CentOS 7 fixes
Workaround for a memory leak on windows for a bug on the pthread library
Various OT fixes
@
text
@d1 1
a1 1
$NetBSD: patch-Makefile.in,v 1.9 2023/11/20 17:59:35 adam Exp $
d3 1
a3 1
Don't build an internal copy of Lua.
d5 1
a5 1
--- Makefile.in.orig	2023-11-02 14:11:55.000000000 +0000
d7 15
a21 3
@@@@ -29,19 +29,6 @@@@ MONGOOSE_HOME=${PWD}/third-party/mongoos
 MONGOOSE_INC=-I$(MONGOOSE_HOME)
 ######
d23 2
a24 34
-LUA_PLATFORM=generic
-LUA_HOME=${PWD}/third-party/lua-5.4.3
-LUA_INC=-I$(LUA_HOME)/src
-LUA_LIB=$(LUA_HOME)/src/liblua.a
-
-ifeq ($(OS),Linux)
-	LUA_PLATFORM=linux
-else ifeq ($(OS),Darwin)
-	LUA_PLATFORM=macosx
-else ifeq ($(OS), $(filter $(OS), FreeBSD))
-	LUA_PLATFORM=freebsd
-	LUA_LIB=/usr/local/lib/liblua-5.3.a
-endif
 
 
 ######
@@@@ -102,8 +89,6 @@@@ RPM_PKG = $(TARGET)-$(NTOPNG_VERSION)-@@R
 RPM_DATA_PKG = $(TARGET)-data-$(NTOPNG_VERSION)-@@REVISION@@.noarch.rpm
 ######
 
-LIB_TARGETS = $(LUA_LIB)
-
 ifneq ($(HAS_ZEROMQ), 0)
 LIB_TARGETS += $(ZEROMQ_LIB)
 endif
@@@@ -150,8 +135,6 @@@@ test_alert_engine: $(OBJECTS_NO_MAIN) $(
 	$(MAKE) CPPFLAGS="${CPPFLAGS} -DTEST_CHECK_ENGINE" src/AlertCheckLuaEngine.o
 	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) $(OBJECTS_NO_MAIN) -Wall $(LIBS) -o $@@
 
-$(LUA_LIB):
-	$(MAKE) -C $(LUA_HOME) $(LUA_PLATFORM)
 
 $(ZEROMQ_LIB):
 	cd $(ZEROMQ_HOME); ./configure --without-documentation --without-libsodium; $(MAKE)
@


1.9
log
@ntopng: updated to 6.0

6.0 Stable

Breakthroughs

New configurable Dashboard with new built-in templates
New configurable Traffic Report
New Vulnerability Scans & CVEs support
Add support to Periodic Reports notified via Recipients (e.g. email)
Add Inactive Hosts
Add PagerDuty integration
Add TheHive integration
Add support to Modbus and Modbus alerts
Add Server Ports Analysis page
Enable multithreading in active measurements (more accurate)
Migrate frontend chart timeseries library to Dygraph
Add support for MAC Address based RADIUS accounting
Improve OT, ICS, Scada support
Trigger External Host alerts directly from Lua (also for inactive hosts)
Add multicast forwarders
Implement host blackhole
Add support for LLDP id to MIB-II InterfaceId mapping
Add support for bidirectional rules
Add support for Enterprise XL bundle

Improvements

Implement asynchronous VS scanning
Implement Ms Teams call detection
Optimize blacklist handling
Improve Network Map charts physics
Extend support to deliver notification to specific recipients
Improve traffic recording settings
Add support for Host Pools and Networks in Local Traffic Rules
Add search map
Add custom queries for Top Local/Remote hosts
Add Top receiver/sender networks custom queries
Add openvas support
Add new Vulners vulnerability scanner
Add ability to set probes aliases
Add MDNS, NETBios, HTTP historical filters
Improve FreeBSD clickhouse installation
Implement -L <path> for logging HTTP requests
Add -z for enabling timestamp reforge when reading pcap files
Improve dark mode css
Optimize ElasticSearch export (removed locks, increase export queue to 64K to handle spikes)
Add Radius chap validation
Add Radius auth protocol preference
Automated commit of clang-format CI changes
Add tool for creating nProbe topics in a kafka broker
Implement host score in Host scripts
Improvements for No-RX traffic analysis
Improve nProbe time drift check
Implement clickhouse retention
Add new page with snmp device rules
Add limit to discard clickhouse dump files
Improve IP/MAC association in SNMP

Changes

Support multiple -m options
Rework nDPI stats
Add support for multiple email recipients
Add logic to enable generic checks if without a configuration
Add malware host contacted check
Use REST API to enable/disable checks
Disabled the reset of the email notification modal upon failed edit submission
Whitelisted locale page
Add ability to reset blacklist stats
Implement blacklist stats
Add mining currency in flow info
Add flag to use proxy in email settings
Reduced in simulate vlans option, the number of vlans
Restricted top flow chart for community version
Add input with suggestions component
Set capture direction for n2disk in zmq interfaces
Add explicit flag to enable flow export when recording on zmq interfaces
Add support for %NPROBE_INSTANCE_NAME
Add Ellio blocklist configuration (disabled by default)
Update to the latest nDPI risks
Email endpoint improvements
Improve notification message
Add download/upload buttons
Add possibility to send notification to recipients
Add multicast broadcast filter
Updated checks lists per license
Add feedback of correctly host inserted or already present
Take the score into account when computing the top alerted hosts
Add backend autorefresh support
Add flow exporter mapping to timeseries
Update default aggregation criteria in Aggregated live flows.
Add missing protocol mapping
Exported IP country information when using -F syslog
Change js formatting function for 'number' type, using thousands separator
Disabled LDAP support for FreeBSD
Add VLAN bidirectional traffic alert
Handle JSON format for NXLOG in Kerberos plugin

nEdge

Add dashboard templates for nedge pro and enterprise
Enable CH support on nEdge Enterprise
Enable throughput charts on nedge
Make Multicast repeater configurable
Add MDNS and multicast repeater
Major cleanup of (deprecated) nedge host pools code
Add support for custom informative captive portal
Set multiple LAN addresses in case of multiple LAN interfaces
Add inter-LANs policies
Always redirect somewhere on captive success, instead of displaying an empty page
nf_config API improvements

Fixes

Fix edit rest in multicast forwarding
Fix missing validation functions
Fix traffic timeseries labels
Fix RedHat OS-name detection
Fix prototype pollution vulnerability
Fix thread pool spawning on freebsd
Fix Zoom handling
Fix behavior alert not triggered
Fix naming with timeseries
Fix nDPI protocol id issues
Fix RRD computation of sampled series with MAX as consolidated function
Fix flow alert where clause in write mode
Fix alert silencing not working
Fix application protocol ID using minor and major protocol
Fix UI spinner on loading
Fix recursive problem in active monitoring
Fix ts with vlans
Fix shutting down doesn't insert alerts in CH
Fix checks configuration initialization (default values) for new risks
Fix traffic behavior total not working in charts
Fix timeseries chart date format
Fix SSH flow swap heuristic
Fix avg empty value and added extra check for nan values in js
Fix pcap dynamically loaded not triggering alert
Fix ZMQ linking on Win
Fix date format
Fix blacklist counter stats
Fix flow alert queries on SQLite
Fix interface and local networks alerts not released
Fix flow devices not working with view interface
Fix flow exporters not seen with aggregated interfaces
Fix js regexes
Fix for validating correctly host and VLAN
Fix segv with custom protocols
Fix l7 metadata ingestion (e.g. dns query) when collecting from ZMQ
Fix hostname resolving
Fix ApexCharts formatter
Fix heap-buffer-overflow in MDNS packet dissection
Fix exclusion bitmap not correctly set
Fix some errors and leaks found while fuzzing locally
Fix Heap buffer overflow in IEC104Stats
Fix for memory management in packet-mode
@
text
@d1 1
a1 1
$NetBSD: patch-Makefile.in,v 1.8 2023/06/29 18:06:21 adam Exp $
@


1.8
log
@ntopng: updated to 5.6

ntopng 5.6

Breakthroughs

Add XL license
Add support Rocky9
Add support to Kafka
Increased max num of exporters
Introduce nTap support
Introduce support to ClickHouse Cluster
Rework Historical Chart Page
Rework pages using VueJS and moving towards responsive client
Improvements

Handle allowed networks for unprivileged users
Improve multitenancy support
Improve thread names
Improve mac formatting
Improve top host sites adding reset method
Improve pcap upload
Improve ports formatting
Improve handling for Cisco NBAR collection
Improve source style
Improve Linux OS detection
Improve Engaged Time Report in Chart
Improve passive DNS hosty resolution
Improve alerts reports
Improve OPNsense installation instruction
Improve host report
Improve support to NDPI_TCP_ISSUES flow risk
Improve layout
Improve ICMP flow handling
Lowered memory consumption due to alert score
Rework pro code directories
Rework lua code
Rework flow aggregation
Rework capabilities support
Socket code cleanup
Use API to build interface report
Update rrd calculations
Update JP localization (courtesy of Yoshihiro Ishikawa)
Changes

Add logo to package
Add missing deps
Add link to host
Add options to send report by email
Add Report class and example
Add internal server error on health/interfaces doc api
Add support for external (REST) host alerts
Add various help and parameters
Add script to create a pdf report from historical API data
Add NXLOG/Active Directory documentation
Add reload button in various pages
Add third party resources
Add flow exporter ips to observation points
Add support for the python API documentation
Add forced offline variable to mantain the --offline option
Add support for Lua host engaged alerts using timeout
Add observation points ts
Add HTTP server in flow details
Add token-based authentication https://www.ntop.org/guides/ntopng/advanced_features/authentication.html?highlight=token#token-based-authentication
Add Flow Risk (Bitmap) Filter in alerts
Add make targets for pip package Updated package classes
Add L7 information in flow object adding
Add CodeQL workflow for GitHub code scanning
Add modal-download-file component and add export timeseries png picture button
Add critical and emergency status to alerts
Add oneway TCP flows counters
Add support for nDPI network handling in flows
Add -n 4 for name resolution
Add IMAP/POP stats
Add Stratosphere Labs Blacklist support
Add support d3v7
Add Requires for RH9 (redhat-lsb-core is deprecated)
Add interfaces stats api and refactor the others health api
Add support to application protocol and master protocol
Add CIDR support in Historical Flows
Add new Aggregated Flows page
Add new Alerts Analysis page
Add support for estimating the number of TCP contacted servers with no reply
Add new Ports Analysis page
Add detection of periodic flows and exported it as flow risk in both flows and alerts
Add REST API to get DB columns and info
Add ability to query alerts from Python
Add Zoom streams handling
Add various checks
Add IP-in-IP decapsulation
Add Host Rules page (possiblity to trigger alerts based on timeseries)
Add the ability to analyze a pcap without creating a new interface
Add Windows timezone handling
Change table definition
Cleanup file names
Disabled host serialization
Enlarged the number of local networks to 1024
Increased upload size to 25 MB
Implement custom script check
Implement support of host filtering with TX traffic sent
Implement unresponsive peers host report
Implement count of incoming tx peers with TCP flows unanswered
Move ts business logic in ts_rest_utils.lua
Patch for handling nicely clock drift at startup
Remove obsolete autogen commands On Linux stay with g++ unless asnitizer is used
Remove REST API v0 (discontinued since ntopng 4.2)
Remove no more used severity
Refactor range-picker query_presets
Rework host packets page and removed dscp page
Rework host ports implementation
Rework Historical class
Rework OPNsense plugin package build
Self test fixes and improvements
Update documentation
Update REST API
Update bootstrap table css
Update various pages to vuejs
Update counter scaling (no gauge)
Update response in service disabled case
nEdge

Add support to multi LAN and fixes DHCP service error
Add VLAN and multi WAN support to nedge
Add routing_policy to nedge configuration callback
Fix netplan configuration error
Update vlan trunk doc
Fix

Df columns error management, table export formatted with % and column reordering now working
Fix missing openssl dependency from MacOS
Fix clang
Fix host sankey minor issues
Fix hyperlinks to historical charts not working
Fix hyperlinks not working correctly
Fix Regex escape
Fix application name resolution on aggregated views
Fix RRD driver for step calaculation
Fix visual bugs with master and app proto
Fix various interface page minor bugs
Fix shortened labels
Fix default sort not working
Fix influxdb retention not updated
Fix name and size of charts
Fix vlan label not mapped
Fix for FreeBSD configure
Fix ip resolution not updating the name
Fix discrepancy in Traffic Calculation (Interface Chart)
Fix measurement units not uniform
Fix crash swap
Fix bug that reported wrong DNS information
Fix build process with opnsense/plugins
Fix validators regexps
Fix ICMP entropy report; improved HTTP flows report
Fix Telegram Reported alerts contain HTML
Fix multi-series Charts are Unreadable in Dark Mode
Fix invalid reverse host resolution that caused hosts to be labelled with wrong symbolic name
Fix delete obsoleted code from page-stats
Fix for circular dependency js
Fix overlay not working
Fix due to changes to nDPI ALPN handling
Fix CSS Inconsistency Across Browsers
Fix Deep copy also for array of objects
Fix missing modules
Fix NAT handling with nprobe
Fix initialization crash
Removed multiple load from tables
ZMQ encryption key is now reported in hex to avoid escape problems
@
text
@d1 1
a1 1
$NetBSD: patch-Makefile.in,v 1.7 2022/03/28 19:32:25 adam Exp $
d5 1
a5 1
--- Makefile.in.orig	2023-02-02 13:33:21.000000000 +0000
d27 1
a27 1
@@@@ -99,8 +86,6 @@@@ RPM_PKG = $(TARGET)-$(NTOPNG_VERSION)-@@R
d36 1
a36 1
@@@@ -147,8 +132,6 @@@@ test_alert_engine: $(OBJECTS_NO_MAIN) $(
d38 1
a38 1
 	$(CPP) $(CPPFLAGS) $(LDFLAGS) $(OBJECTS_NO_MAIN) -Wall $(LIBS) -o $@@
@


1.7
log
@ntopng: updated to 5.2.1

ntopng 5.2 (February 2022)

Breakthroughs
* New ClickHouse support for storing historical data, replacing nIndex support (data migration available)
* Advanced Historical Flow Explorer, with the ability to define custom queries using JSON-based configurations
* New Historical Data Analysis page (including Score, Applications, Alerts, AS analysis), with the ability to define custom reports with charts
* Enhanced drill down from charts and historical flow data and alerts to PCAP data
* nEdge support for Ubuntu 20
* Enhanced support for Observation Points

Improvements
* Improve CPU utilization and memory footprint
* Improve historical data retention management for flows and timeseries
* Improve periodic activities handling, with support for strict and relaxed (delayed) tasks
* Improve filtering and analysis of the historical flows
* Improve alert explorer and filtering
* Improve Enterprise dashboard look and feel
* Improve the speedtest support and servers selection
* Improve support for ping and continuous ping (ICMP) for active monitoring
* Improve flow-direction handling
* Improve localization (including DE and IT translations)
* Improve IPS policies management
 * Add IPS activities logging (e.g. block, unblock)
* Improve SNMP support
 * Optimize polling of SNMP devices
 * Improve SNMP v3 support
 * Add more information including version
 * Stateful SNMP alert to detect too many MACs on non-trunk
 * Perform fat MIBs poll on average every 15 minutes
 * Add preference to disable polling of SNMP fat MIBs
* Add more information to the historical flow data, including Latency, AS, Observation Points, SNMP interface, Host Pools
* Add detailed view of historical flows and alerts
* Add support for nProbe field L7_INFO
* Add ICMP flood alert
* Add Checks exclusion settings for subnets and for hosts and domains globally
* Add CDP support
* Add more regression tests
* Add support for obsolete client SSH version
* Add support for ERSPAN version 2 (type III)
* Add support for all the new nDPI Flow Risks added in nDPI 4.2
* Add extra info to service and periodicity map hosts
* Add Top Sites check
* REST API
 * Getter for the bridge MIB
 * Getter for LLDP adjacencies
 * Check for BPF filters
 * Score charts timeseries and analysis

Changes
* Encapsulated traffic is accounted for the lenght of the encapsulated packet and not of the original packet
* Remove nIndex support, including the flow explorer
* Remove MySQL historical flow explorer (export only)
* Hide LDAP password from logs

Fixes
* Fix a few memory leaks, double free, buffer overflow and invalid memory access
* Fix SQLite initialization
* Fix support for fragmented packets
* Fix IP validation in modals
* Fix netplan configuration manager
* Fix blog notifications
* Fix time range picker to support all browsers
* Fix binary application transfer name in alerts
* Fix glitches in chart drag operations
* Fix pools edit/remove
* Fix InfluxDB timeseries export
* Fix ELK memory leak
* Fix TLS version for obsolete TLS alerts when collecting flows
* Fix fields conversion in timeseries charts filters
* Fix some invalid nProbe field mapping
* Fix hosts Geomap
* Fix slow shutdown termination
* Fix wrong Call-ID 0 with RTP streams with no SIP stream associated
* Fix ping support for FreeBSD
* Fix active monitoring interface list
* Fix host names not always shown
* Fix host pools stats
* Fix UTF8 encoding issues in localization tools
* Fix time/timezone in forwarded syslog messages
* Fix unknown process alert
* Fix nil DOM javascript error
* Fix country not always shown in flow alerts
* Fix non-initialized traffic profiles
* Fix traffic profiles not working over ZMQ
* Fix syslog collection
* Fix async SNMP calls blocking the execution
* Fix CPU stats timeseries
* Fix InfluxDB attempts to always re-create retention policies
* Fix REST API ts.lua returning 24h data
* Fix processing of DNS packets under certain conditions
* Fix invalid space in SNMP Hostnames
* Fix REST API incompat. (/get/alert/severity/counters.lua, /get/alert/type/counters.lua)
* Fix map layout not saved correctly
* Fix LLDP topology for Juniper routers
* Fix not authorized error when editing SNMP devices
* Fix double 95perc, splitted avg and 95perc in sent/rcvd in charts
* Fix inconsistent local/remote timeseries
* Fix Risks generation in IPS policy configuration
* Fix deletion of sub-interface
* Fix deadline not honored when monitoring SNMP devices
* Fix traffic profiles on L7 protocols
* Fix TCP connection refused check
* Fix failures when the DB is not reachable
* Fix segfault with View interfaces
* Fix hosts wrongly detected as Local
* Fix missing throughputs in countries

Misc
* Enforces proxy exclusions with env var `no_proxy`
* Move Lua engine to 5.4
* Major code review and cleanup

nEdge
* Add support for  Ubuntu 20
* Add ability to logout when using the Captive Portal
* Add per egress interface stats and timeseries
* Add active DHCP leases in UI and REST API
* Add daily/weekly/monthly quotas
* Add service and periodicity maps and alerts
* Fix Captive Portal not working due to invalid allowed interface
* Fix addition of static DHCP leases
* Fix factory reset
* Fix reboot button

ntopng 5.0 (August 2021)

Breakthroughs

* Advanced alerts engine with security features, including the detection of [attackers and victims](https://www.ntop.org/ntopng/how-attackers-and-victims-detection-works-in-ntopng/)
 * Integration of 30+ [nDPI security risks](https://www.ntop.org/ndpi/how-to-spot-unsafe-communications-using-ndpi-flow-risk-score/)
 * Generation of the `score` [indicator of compromise](https://www.ntop.org/ntopng/what-is-score-and-how-it-can-drive-you-towards-network-issues/) for hosts, interfaces and other network elements
* Ability to collect flows from hundredths of routers by means of [observation points](https://www.ntop.org/nprobe/collecting-flows-from-hundred-of-routers-using-observation-points/)
* Anomaly detection based on Double Exponential Smoothing (DES) to uncover possibly suspicious behaviors in the traffic and in the score
* Encrypted Traffic Analysis (ETA) with special emphasis on the TLS to uncover self-signed, expired, invalid certificates and other issues

New features

* Ability to configure alert exclusions for individual hosts to mitigate false positives
* FreeBSD / OPNsense / pfSense [packages](https://packages.ntop.org/)
* Ability to see the TX/RX traffic breakdown both for physical interfaces and when receiving traffic from nProbe
* Add support for ECS when exporting to Syslog
* Improved TCP analysis, including analysis of TCP flows with zero window and low goodput
* Ability to send alerts to Slack
* Implementation of a token-based REST API access

Improvements

* Reworked the execution of hosts and flows checks (formerly user scripts), yielding a reduced CPU load of about 50%
* Improved 100Kfps+ [NetFlow/sFlow collection performance](https://www.ntop.org/nprobe/netflow-collection-performance-using-ntopng-and-nprobe/)
* Drilldown of [nIndex](https://www.ntop.org/guides/ntopng/advanced_features/flows_dump.html#nindex) historical flows much more flexible
* Migration to Bootstrap 5
* Check malicious JA3 signatures against all TLS-based protocols
* Reworked Doh/DoT handling

Fixes

* Fixes SSRF and stored-XSS injected with malicious SSDP responses
* Fixes several leaks in NetworkInterface

Notes

* To ensure optimal performance and scalability and to prevent uneven resource utilization, the maximum number of interfaces handled by a single ntopng instance has been reduced to
 * 16 (Enterprise M)
 * 32 (Enterprise L)
 * 8  (all other versions)
* REST API v1/ is deprecated and will be dropped in the next stable release in favor of REST API v2/
* The old alerts dashboard has been removed and replaced by an advanced alerts drilldown page with integrated charts
@
text
@d1 1
a1 1
$NetBSD: patch-Makefile.in,v 1.6 2021/05/14 12:57:27 nia Exp $
d5 1
a5 1
--- Makefile.in.orig	2022-02-02 17:01:08.000000000 +0000
d7 1
a7 1
@@@@ -33,19 +33,6 @@@@ MONGOOSE_HOME=${PWD}/third-party/mongoos
d27 1
a27 1
@@@@ -102,8 +89,6 @@@@ RPM_PKG = $(TARGET)-$(NTOPNG_VERSION)-@@R
d36 1
a36 1
@@@@ -144,8 +129,6 @@@@ test_alert_engine: $(OBJECTS_NO_MAIN) $(
d38 1
a38 1
 	$(CXX) $(CXXFLAGS) $(LDFLAGS) $(OBJECTS_NO_MAIN) -Wall $(LIBS) -o $@@
@


1.6
log
@ntopng: Don't use bundled copy of Lua
@
text
@d1 1
a1 1
$NetBSD$
d3 1
a3 1
Don't build an internal copy of Lua...
d5 1
a5 1
--- Makefile.in.orig	2020-03-27 16:51:24.000000000 +0000
d7 1
a7 1
@@@@ -29,19 +29,6 @@@@ MONGOOSE_HOME=${PWD}/third-party/mongoos
d12 3
d22 1
d24 1
a24 4
-
-LUA_HOME=${PWD}/third-party/lua-5.3.5
-LUA_INC=-I$(LUA_HOME)/src
-LUA_LIB=$(LUA_HOME)/src/liblua.a
d27 1
a27 2
 LIBRRDTOOL_HOME=${PWD}/third-party/rrdtool-1.4.8
@@@@ -121,8 +108,6 @@@@ RPM_PKG = $(TARGET)-$(NTOPNG_VERSION)-@@R
d36 1
a36 1
@@@@ -162,9 +147,6 @@@@ test_alert_engine: $(OBJECTS_NO_MAIN) $(
d38 1
a38 1
 	$(GPP) $(OBJECTS_NO_MAIN) -Wall $(NLIBS) -o $@@
d41 2
a42 2
-	cd $(LUA_HOME); @@GMAKE@@ $(LUA_PLATFORM)
-
d44 1
a44 2
 	cd $(ZEROMQ_HOME); ./configure --without-documentation --without-libsodium; @@GMAKE@@
 
@


1.5
log
@ntopng: updated to 3.8

3.8 Stable

New features
* Remote assistance to temporarily grant encrypted ntopng access to remote
parties
* Custom URLs and IP addresses mappings to traffic categories
* Continuous traffic recording
* User activities logging
* Extended chart metrics

Improvements
* Alerts
* Improved InfluxDB support
* Handles slow and aborted queries
* Uses authentication
* Adds RADIUS and HTTP authenticators
* Options to allow users login via RADIUS and HTTP
* Lua 5.3 support
* Improved performance
* Better memory management
* Native support for 64-bit integers
* Native support for bitwise operations
* Adds the new libmaxminddb geolocation library
* Storage utilization indicators
* Global storage indicator to show the disk used by each interface
* Per-interface storage indicator to show the disk used to store timeseries and flows
* Support for Sonicwall PEN field names
* Option to disable LDAP referrals
* Requests and configures Keepalive support for ZMQ sockets
* Three-way-handshake detection
* Adds SNMP mac addresses to the search function

nEdge
* Implement nEdge policies test page
* Implement device presets
* DNS

Fixes
* Fixes missing flows dump on shutdown
* HTTP dissection fixes
* SNMP
* Properly handles endianness over ZMQ
@
text
@d1 1
a1 1
$NetBSD: patch-Makefile.in,v 1.4 2018/10/18 16:25:40 adam Exp $
d3 1
a3 1
Use Lua instead of LuaJIT2.
d5 1
a5 1
--- Makefile.in.orig	2018-09-19 15:35:27.000000000 +0000
d7 2
a8 1
@@@@ -29,11 +29,7 @@@@ MONGOOSE_INC=-I$(MONGOOSE_HOME)
d11 1
a11 2
 # Set USE_LUAJIT=0 to use the standard Lua (no JIT)
-USE_LUAJIT=1
d13 6
a18 2
-ifeq ($(OS),Darwin)
 USE_LUAJIT=0
d20 25
a45 2
 ifeq ($(USE_LUAJIT), 0)
   LUAJIT_INC = $(shell pkg-config --cflags lua) -DDONT_USE_LUAJIT
@


1.4
log
@ntopng: updated to 3.6.1

3.6.1 Stable
Brew formula fixes

3.6 Stable

New features
------------
New pro charts
Ability to compare data with the past (time shift)
Trend lines based on ASAP
Average and percentile lines overlayed on the graph and animated
New color scheme that uses pastel colors for better visualization
https://www.ntop.org/ntopng/ntopng-and-time-series-from-rrd-to-influxdb-new-charts-with-time-shift/
New timeseries API with support for RRD and InfluxDB
Abstracts and handles multiple sources transparently
https://www.ntop.org/guides/ntopng/api/lua/timeseries/index.html
Streaming pcap captures with BPF support
Download live packet captures right from the browser
New SNMP devices caching
Periodically cache information of all the SNMP device configured
Calculate and visualize interfaces throughput

Improvements
------------
Security
Access to the web user interface is controlled with ACLs
Secure ntopng cookies with SameSite and HttpOnly
HTTP cookie authentication
Improved random session id generation
Various SNMP improvements
Caching
Interfaces status change alerts
Device interfaces page
Devices and interfaces added to flows
Fixed several library memory leaks
Improved device and interface charts
Interfaces throughput calculation and visualization
Ability to delete all SNMP devices at once
Improved active devices discovery
OS detection via HTTP User-Agent
Alerts
Crypto miners alerts toggle
Detection and alerting of anomalous terminations
Module for sending telegram.org alerts
Slack
Configurable Slack channel names
Added Slack test button
Charts
Active flows vs local hosts chart
Active flows vs interface traffic chart
Ubuntu 18.04 support
Support for ElasticSearch 6 export
Added support for custom categories lists
Added ability to use the non-JIT Lua interpreter
Improved ntopng startup and shutdown time
Support for capturing from interface pairs with PF_RING ZC
Support for variable PPP header lenght
Migrated geolocation to GeoLite2 and libmaxminddb
Configuration backup and restore
Improved IE browser support
Using client SSL certificate for protocol detection
Optimized host/flows purging
@
text
@d1 1
a1 1
$NetBSD$
@


1.3
log
@Changes 2.4:
* Memory-management, stability and speed have been fundamentally improved
* We have kept an eye on security and hardened the code to prevent privileges escalation and XSS
* Alerts have been extended to include support for
  . Re-arming to avoid raising trains of identical alerts in short periods of time
  . Alert propagation to the infrastructure monitoring software Nagios
  . CIDR-based triggers to monitor the behavior of whole networks
  . The detection of suspicious probing attempts
* Netfilter support has been added together with optional packet dropping features
* Routing visibility is now possible through RIPE RIS
* Availability of fine-grained historical data drill-down features, including top talkers, top applications, and interactions between hosts (more details here)
* Integrations with other software
  . LDAP authentication support
  . alerts forwarding/withdrawal to Nagios
  . nBox integration to request full packet pcaps of monitored flows
  . Data export to Apache Kafka
* We have extended and improved traffic monitoring
  . Visibility of TCP sessions throughput estimations and state breakdown (e.g., connections established, connections reset, etc.)
  . Goodput monitoring
  . Trends detection
  . Highlight of low-goodput flows and hosts
  . Visibility of hosts top-visited sites
* Built-in support is now included for
  . GRE detunnelling
  . per-VLAN historical statistics
  . ICMP and ICMPv6 dissection
* We have extended the set of supported OSes to include: Ubuntu 16, Debian 7, EdgeOS
* There is also an optional support for hosts categorization via service flashstart.it
@
text
@d1 1
a1 1
$NetBSD: patch-Makefile.in,v 1.2 2016/04/13 17:25:57 adam Exp $
d3 1
a3 1
Use external nDPI.
d5 1
a5 1
--- Makefile.in.orig	2016-06-27 19:31:18.000000000 +0000
d7 1
a7 1
@@@@ -11,7 +11,7 @@@@ MAN_DIR=$(DESTDIR)@@MAN_DIR@@
d9 10
a18 7
 HAS_NDPI=$(shell pkg-config --exists libndpi; echo $$?)
 ifeq ($(HAS_NDPI), 0)
-    NDPI_INC = $(shell pkg-config --cflags libndpi | sed -e 's/\(-I[^ \t]*\)/\1\/libndpi/g')
+    NDPI_INC = $(shell pkg-config --cflags libndpi | sed -e 's/\(-I[^ ]*\)/\1\/libndpi/g')
     NDPI_LIB = $(shell pkg-config --libs libndpi)
     NDPI_LIB_DEP =
 else
@


1.2
log
@Refactored patch-Makefile.in to fix building with pkgconf
@
text
@d1 1
a1 1
$NetBSD: patch-Makefile.in,v 1.1 2016/04/08 16:59:07 adam Exp $
a2 1
Install into DESTDIR.
d5 1
a5 1
--- Makefile.in.orig	2015-11-30 18:15:18.000000000 +0000
d7 1
a7 8
@@@@ -5,13 +5,13 @@@@ SHELL=/bin/sh
 OS := $(shell uname -s)
 PWD=@@PWD@@
 GPP=@@GPP@@
-INSTALL_DIR=$(prefix)
+INSTALL_DIR=$(DESTDIR)$(prefix)
 MAN_DIR=$(DESTDIR)@@MAN_DIR@@
 
@


1.1
log
@ntopng is the next generation version of the original ntop, a network traffic
probe that shows the network usage, similar to what the popular top Unix
command does. ntopng is based on libpcap and it has been written in a portable
way in order to virtually run on every Unix platform, MacOSX and on Windows as
well.

ntopng users can use a web browser to navigate through ntop (that acts as
a web server) traffic information and get a dump of the network status. In
the latter case, ntopng can be seen as a simple RMON-like agent with
an embedded web interface. The use of:

* a web interface.
* limited configuration and administration via the web interface.
* reduced CPU and memory usage (they vary according to network size and traffic)
@
text
@d1 1
a1 1
$NetBSD$
d20 1
a20 1
+    NDPI_INC = $(shell pkg-config --cflags libndpi)/libndpi
@

